9d46b723ec666db3e73ae900c474d660

General
Target

9d46b723ec666db3e73ae900c474d660

Size

290KB

Sample

220521-tr5bjaabb8

Score
10/10
MD5

9d46b723ec666db3e73ae900c474d660

SHA1

a801d00b65f847806ea5c2496c62efae283b3a94

SHA256

80bb4f3c9e2ea5ea1ca55ffa2a5fd303058c240133d32b93e7c89a96712a5cba

SHA512

4d26098cac7368afb62c41b3c9a06870f6ae3d1fe4883ba9a4d5755d9a2e363b2d8cba55ec637ab24362a32a2c4c362d0192659a5abd62f87c2f0b0a9ed3c9cc

Malware Config

Extracted

Family njrat
Version im523
Botnet WormRATT
C2 178.33.93.88:1742
Attributes
reg_key 7869d44e9b90d6b1e669bf52c9e89c61
splitter |'|'|
Targets
Target

9d46b723ec666db3e73ae900c474d660

Signatures

  • njRAT/Bladabindi

    Description

    Widely used RAT written in .NET.

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Modifies Windows Firewall

    TTPs

    Modify Existing Service
  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query Registry, System Information Discovery
  • Drops startup file

  • Loads dropped DLL

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry
  • Drops autorun.inf file

    Description

    Malware can abuse Windows Autorun to spread further via attached volumes.

    TTPs

    Replication Through Removable Media

MITRE ATT&CK Matrix
Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Privilege Escalation